]]>http://gamnix.com/2015/07/25/wesnoth-needs-your-help/feed/0Wesnoth 1.12.4, 1.13.1, and Security Advisoryhttp://gamnix.com/2015/07/25/wesnoth-1-12-4-1-13-1-and-security-advisory-3/
http://gamnix.com/2015/07/25/wesnoth-1-12-4-1-13-1-and-security-advisory-3/#commentsSat, 25 Jul 2015 02:20:35 +0000http://gamnix.com/?guid=159e9df7b00ec175ff07b2ed8e1474a8Wesnoth 1.12.4 — a maintenance release for the stable 1.12.x series — and Wesnoth 1.13.1 — the second 1.13.x development release — are now available. Both include various fixes and improvements made since the previous releases, as well as a fix for an important security vulnerability which allows a malicious user to steal add-on upload credentials. We urge content authors using any previous version to upgrade immediately.

]]>Wesnoth 1.12.4 — a maintenance release for the stable 1.12.x series — and Wesnoth 1.13.1 — the second 1.13.x development release — are now available. Both include various fixes and improvements made since the previous releases, as well as a fix for an important security vulnerability which allows a malicious user to steal add-on upload credentials. We urge content authors using any previous version to upgrade immediately.

]]>Content creators who have published user-made add-ons to the Wesnoth add-ons server are surely aware that we currently use a very primitive authentication mechanism that works on a per-add-on basis. An uploader-defined passphrase is provided in the add-on’s .pbl file and this is matched against the add-ons server’s records.